
farbar

This is a discussion on farbar within the Resolved HJT Threads forums, part of the Tech Support Forum category.


 
 
06-26-2013, 07:47 AM   #1
Registered Member
 
Join Date: Jun 2013
Posts: 15
OS: windows 7



I have tried nearly everything and can't find the program to get rid of this Ice virus. I downloaded farbar and tried it, with these results. Please help.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-06-2013 02
Ran by SYSTEM on 26-06-2013 09:31:13
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery
The current controlset is ControlSet002
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [] [x]
HKLM\...\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe [597936 2011-07-27] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [lxctmon.exe] "C:\Program Files (x86)\Lexmark 5400 Series\lxctmon.exe" [291760 2006-11-22] ()
HKLM\...\Run: [EzPrint] "C:\Program Files (x86)\Lexmark 5400 Series\ezprint.exe" [82864 2006-11-22] (Lexmark International Inc.)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-06-07] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED [3218864 2011-06-22] (Toshiba)
HKLM-x32\...\Run: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [lxdvmon.exe] "C:\Program Files (x86) (x86)\Lexmark X5400 Series\lxdvmon.exe" [455336 2009-07-07] ()
HKLM-x32\...\Run: [lxdvamon] "C:\Program Files (x86) (x86)\Lexmark X5400 Series\lxdvamon.exe" [25256 2009-07-07] ()
HKLM-x32\...\Run: [Lexmark X5400 Series] "C:\Program Files (x86) (x86)\Lexmark X5400 Series\fm3032.exe" /s [307880 2009-07-07] ()
HKLM-x32\...\Run: [Lexmark 5400 Series] "C:\Program Files (x86)\Lexmark 5400 Series\fm3032.exe" /s [304048 2006-11-22] ()
HKLM-x32\...\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup [2771832 2012-12-07] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.)
HKU\Sheri\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-01-31] (Google Inc.)
HKU\Sheri\...\Run: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean [3713032 2012-11-13] (Safer-Networking Ltd.)
HKU\Sheri\...\Run: [Conexant] rundll32 "C:\Users\Sheri\AppData\Local\Chromium\Conexant\idbepoam.dll",DllRegisterServer [1812480 2013-06-19] () <===== ATTENTION
HKU\Sheri\...\Run: [Lexmark X5400 Series] Regsvr32.exe "C:\Users\Sheri\AppData\Local\Lexmark X5400 Series\erhxhcjy.dll" [728576 2013-06-19] (NVIDIA Corporation)
HKU\Sheri\...\Run: [Internet Security] C:\Users\Sheri\AppData\Roaming\tdefender.exe [844288 2013-06-23] (Ask.com)
HKU\Sheri\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Sheri\AppData\Local\Temp\grneewjtyxxsqehso.exe [52736 2013-06-24] (NVIDIA Corporation)
HKU\Sheri\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKU\Sheri\...\Command Processor: "C:\Users\Sheri\AppData\Local\Temp\grneewjtyxxsqehso.exe" <===== ATTENTION!
Startup: C:\ProgramData\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Services (Whitelisted) =================
S2 Agent; C:\windows\VPDAgent_x64.exe [148480 2012-12-04] (Two Pilots)
S2 lxct_device; C:\windows\system32\lxctcoms.exe [566192 2006-11-22] ( )
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
S2 Neat Startup Service; C:\Program Files (x86)\Neat\exec\NeatStartupService.exe [5632 2013-02-22] (The Neat Company)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
S2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [126392 2011-07-19] (Symantec Corporation)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
==================== Drivers (Whitelisted) ====================
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2013-06-25 23:18 - 2013-06-25 23:18 - 00000000 ____D C:\FRST
2013-06-24 07:39 - 2013-06-24 07:39 - 02019358 ____A C:\Users\Sheri\AppData\Roaming\2433f433
2013-06-24 07:39 - 2013-06-24 07:39 - 02019357 ____A C:\ProgramData\2433f433
2013-06-24 07:39 - 2013-06-24 07:39 - 02019347 ____A C:\Users\Sheri\AppData\Local\2433f433
2013-06-23 09:33 - 2013-06-23 09:33 - 00844288 ____A (Ask.com) C:\Users\Sheri\AppData\Roaming\tdefender.exe
2013-06-23 09:33 - 2013-06-23 09:33 - 00844288 ____A (Ask.com) C:\Users\Sheri\AppData\Roaming\5A11.tmp
2013-06-23 09:33 - 2013-06-23 09:33 - 00147968 ____A (MRI Software Lab.) C:\Users\Sheri\winlogon.exe
2013-06-23 09:33 - 2013-06-23 09:33 - 00147968 ____A (MRI Software Lab.) C:\Users\Sheri\windowsupdate.exe
2013-06-23 09:33 - 2013-06-23 09:33 - 00000799 ____A C:\Users\Sheri\Desktop\Internet Security Pro.lnk
2013-06-23 09:33 - 2013-06-23 09:33 - 00000000 ____A C:\Users\Sheri\icq.exe
2013-06-23 08:58 - 2013-06-25 19:11 - 00082023 ____A C:\Windows\WindowsUpdate.log
2013-06-23 08:58 - 2013-06-23 08:58 - 00062776 ____A C:\Users\Sheri\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-23 08:55 - 2013-06-26 06:15 - 00001916 ____A C:\Windows\setupact.log
2013-06-23 08:55 - 2013-06-23 08:55 - 00291008 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-23 08:55 - 2013-06-23 08:55 - 00000000 ____A C:\Windows\setuperr.log
2013-06-21 02:14 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\System32\Drivers\etc\hosts.20130621-051407.backup
2013-06-20 18:58 - 2013-06-20 18:58 - 00000000 ____D C:\Users\Sheri\AppData\Local\Wild Tangent
2013-06-20 08:17 - 2013-06-20 08:17 - 00000000 ____A C:\Users\Sheri\skype.exe
2013-06-20 06:58 - 2013-06-20 06:58 - 00000000 ____D C:\Users\Sheri\AppData\Roaming\wabEventSupport16
2013-06-19 06:56 - 2013-06-20 18:25 - 00000000 ____D C:\Users\Sheri\AppData\Local\Lexmark X5400 Series
2013-06-19 04:35 - 2013-04-16 23:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-19 04:35 - 2013-04-16 22:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-18 11:19 - 2013-06-18 11:19 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-18 11:19 - 2013-06-18 11:19 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-18 11:19 - 2013-06-18 11:19 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-18 11:19 - 2013-06-18 11:19 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-06-18 11:19 - 2013-06-18 11:19 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-18 11:19 - 2013-06-18 11:19 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-06-18 11:19 - 2013-06-18 11:19 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-18 11:19 - 2013-06-18 11:19 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-06-18 11:19 - 2013-06-18 11:19 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-18 11:19 - 2013-06-18 11:19 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-18 11:19 - 2013-06-18 11:19 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-06-18 11:19 - 2013-06-18 11:19 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-18 11:19 - 2013-06-18 11:19 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-06-18 11:19 - 2013-06-18 11:19 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-18 11:19 - 2013-06-18 11:19 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-18 11:19 - 2013-06-18 11:19 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-18 11:19 - 2013-06-18 11:19 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-18 11:19 - 2013-06-18 11:19 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-06-18 11:19 - 2013-06-18 11:19 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-18 11:19 - 2013-06-18 11:19 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-06-18 11:19 - 2013-06-18 11:19 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-18 11:19 - 2013-06-18 11:19 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00039936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-18 11:19 - 2013-06-18 11:19 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-06-18 11:19 - 2013-06-18 11:19 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-18 11:19 - 2013-06-18 11:19 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-06-18 11:16 - 2013-06-18 11:16 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-14 04:20 - 2013-06-14 04:20 - 00000432 ____A C:\Users\Sheri\Desktop\Welcome to Walgreens - Your Home for Prescriptions, Photos and Health Information.url
2013-06-12 04:20 - 2013-05-12 21:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 04:20 - 2013-05-12 21:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 04:20 - 2013-05-12 21:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 04:20 - 2013-05-12 21:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 04:20 - 2013-05-12 20:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 04:20 - 2013-05-12 20:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 04:20 - 2013-05-12 20:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 04:20 - 2013-05-12 19:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 04:20 - 2013-05-12 19:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 04:20 - 2013-05-12 19:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 04:20 - 2013-05-09 21:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 04:20 - 2013-05-09 19:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 04:20 - 2013-05-07 22:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 04:20 - 2013-04-25 21:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 04:20 - 2013-04-25 20:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 04:19 - 2013-04-25 15:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 04:19 - 2013-03-31 14:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-11 07:45 - 2013-06-20 09:05 - 00000000 ____D C:\Users\Sheri\AppData\Roaming\Apple Computer
2013-06-11 07:45 - 2013-06-11 07:45 - 00001794 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-11 07:45 - 2013-06-11 07:45 - 00000000 ____D C:\Users\Sheri\AppData\Local\Apple Computer
2013-06-11 07:45 - 2012-08-21 10:01 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2013-06-11 07:43 - 2013-06-11 07:45 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-11 07:43 - 2013-06-11 07:45 - 00000000 ____D C:\Program Files\iTunes
2013-06-11 07:43 - 2013-06-11 07:45 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-11 07:43 - 2013-06-11 07:43 - 00000000 ____D C:\ProgramData\Apple Computer
2013-06-11 07:43 - 2013-06-11 07:43 - 00000000 ____D C:\Program Files\iPod
2013-06-11 07:42 - 2013-06-11 07:42 - 00000000 ____D C:\Users\Sheri\AppData\Local\Apple
2013-06-11 07:42 - 2013-06-11 07:42 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-06-11 07:41 - 2013-06-11 07:41 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-06-11 07:40 - 2013-06-11 07:42 - 00000000 ____D C:\ProgramData\Apple
2013-06-11 07:40 - 2013-06-11 07:41 - 00000000 ____D C:\Program Files\Bonjour
2013-06-11 07:40 - 2013-06-11 07:41 - 00000000 ____D C:\Program Files (x86)\Bonjour
==================== One Month Modified Files and Folders =======
2013-06-26 06:15 - 2013-06-23 08:55 - 00001916 ____A C:\Windows\setupact.log
2013-06-26 06:15 - 2012-01-31 17:56 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-26 06:15 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-25 23:18 - 2013-06-25 23:18 - 00000000 ____D C:\FRST
2013-06-25 19:24 - 2009-07-13 21:08 - 00032636 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-25 19:11 - 2013-06-23 08:58 - 00082023 ____A C:\Windows\WindowsUpdate.log
2013-06-25 19:11 - 2009-07-13 20:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-25 19:11 - 2009-07-13 20:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-25 18:36 - 2012-03-29 18:41 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-25 18:36 - 2012-01-31 17:56 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-24 07:39 - 2013-06-24 07:39 - 02019358 ____A C:\Users\Sheri\AppData\Roaming\2433f433
2013-06-24 07:39 - 2013-06-24 07:39 - 02019357 ____A C:\ProgramData\2433f433
2013-06-24 07:39 - 2013-06-24 07:39 - 02019347 ____A C:\Users\Sheri\AppData\Local\2433f433
2013-06-24 04:16 - 2009-07-13 21:13 - 00727310 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-23 09:36 - 2012-03-15 15:42 - 00000000 ____D C:\users\Sheri
2013-06-23 09:33 - 2013-06-23 09:33 - 00844288 ____A (Ask.com) C:\Users\Sheri\AppData\Roaming\tdefender.exe
2013-06-23 09:33 - 2013-06-23 09:33 - 00844288 ____A (Ask.com) C:\Users\Sheri\AppData\Roaming\5A11.tmp
2013-06-23 09:33 - 2013-06-23 09:33 - 00147968 ____A (MRI Software Lab.) C:\Users\Sheri\winlogon.exe
2013-06-23 09:33 - 2013-06-23 09:33 - 00147968 ____A (MRI Software Lab.) C:\Users\Sheri\windowsupdate.exe
2013-06-23 09:33 - 2013-06-23 09:33 - 00000799 ____A C:\Users\Sheri\Desktop\Internet Security Pro.lnk
2013-06-23 09:33 - 2013-06-23 09:33 - 00000000 ____A C:\Users\Sheri\icq.exe
2013-06-23 08:58 - 2013-06-23 08:58 - 00062776 ____A C:\Users\Sheri\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-23 08:55 - 2013-06-23 08:55 - 00291008 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-23 08:55 - 2013-06-23 08:55 - 00000000 ____A C:\Windows\setuperr.log
2013-06-23 03:50 - 2012-08-03 02:57 - 00000000 ____D C:\Windows\Minidump
2013-06-23 03:50 - 2011-10-30 22:34 - 00000000 ____D C:\Windows\Panther
2013-06-23 03:49 - 2012-09-03 03:21 - 00000833 ____A C:\Users\Public\Desktop\CCleaner.lnk
2013-06-23 03:49 - 2012-09-03 03:21 - 00000000 ____D C:\Program Files\CCleaner
2013-06-23 03:47 - 2013-05-15 19:49 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-06-21 02:14 - 2009-07-13 18:34 - 00449438 ___RA C:\Windows\System32\Drivers\etc\hosts.20130623-064341.backup
2013-06-20 18:58 - 2013-06-20 18:58 - 00000000 ____D C:\Users\Sheri\AppData\Local\Wild Tangent
2013-06-20 18:58 - 2012-01-31 17:50 - 00000000 ____D C:\ProgramData\WildTangent
2013-06-20 18:53 - 2012-01-31 17:50 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2013-06-20 18:52 - 2013-03-13 15:37 - 00000000 ____D C:\Users\Sheri\AppData\Roaming\WildTangent
2013-06-20 18:25 - 2013-06-19 06:56 - 00000000 ____D C:\Users\Sheri\AppData\Local\Lexmark X5400 Series
2013-06-20 09:05 - 2013-06-11 07:45 - 00000000 ____D C:\Users\Sheri\AppData\Roaming\Apple Computer
2013-06-20 08:17 - 2013-06-20 08:17 - 00000000 ____A C:\Users\Sheri\skype.exe
2013-06-20 06:58 - 2013-06-20 06:58 - 00000000 ____D C:\Users\Sheri\AppData\Roaming\wabEventSupport16
2013-06-19 08:21 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-06-19 06:56 - 2012-07-03 10:55 - 00000000 ____D C:\Users\Sheri\AppData\Local\Chromium
2013-06-19 04:42 - 2012-03-19 10:52 - 00000166 ____A C:\Users\Sheri\Desktop\Yahoo!.url
2013-06-19 04:23 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-06-19 04:23 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-06-19 04:23 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\zh-HK
2013-06-19 04:23 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\tr-TR
2013-06-19 04:23 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-06-18 11:19 - 2013-06-18 11:19 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-18 11:19 - 2013-06-18 11:19 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-18 11:19 - 2013-06-18 11:19 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-18 11:19 - 2013-06-18 11:19 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-18 11:19 - 2013-06-18 11:19 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-06-18 11:19 - 2013-06-18 11:19 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-18 11:19 - 2013-06-18 11:19 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-06-18 11:19 - 2013-06-18 11:19 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-18 11:19 - 2013-06-18 11:19 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-06-18 11:19 - 2013-06-18 11:19 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-18 11:19 - 2013-06-18 11:19 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-18 11:19 - 2013-06-18 11:19 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-06-18 11:19 - 2013-06-18 11:19 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-18 11:19 - 2013-06-18 11:19 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-06-18 11:19 - 2013-06-18 11:19 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-18 11:19 - 2013-06-18 11:19 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-18 11:19 - 2013-06-18 11:19 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-18 11:19 - 2013-06-18 11:19 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-18 11:19 - 2013-06-18 11:19 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-06-18 11:19 - 2013-06-18 11:19 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-18 11:19 - 2013-06-18 11:19 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-06-18 11:19 - 2013-06-18 11:19 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-18 11:19 - 2013-06-18 11:19 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00039936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-06-18 11:19 - 2013-06-18 11:19 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-18 11:19 - 2013-06-18 11:19 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-06-18 11:19 - 2013-06-18 11:19 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-18 11:19 - 2013-06-18 11:19 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-06-18 11:16 - 2013-06-18 11:16 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-18 11:16 - 2013-06-18 11:16 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-14 04:27 - 2012-03-15 16:13 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-14 04:20 - 2013-06-14 04:20 - 00000432 ____A C:\Users\Sheri\Desktop\Welcome to Walgreens - Your Home for Prescriptions, Photos and Health Information.url
2013-06-12 05:50 - 2012-03-29 18:41 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 05:50 - 2011-10-30 19:37 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-11 07:45 - 2013-06-11 07:45 - 00001794 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-11 07:45 - 2013-06-11 07:45 - 00000000 ____D C:\Users\Sheri\AppData\Local\Apple Computer
2013-06-11 07:45 - 2013-06-11 07:43 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-11 07:45 - 2013-06-11 07:43 - 00000000 ____D C:\Program Files\iTunes
2013-06-11 07:45 - 2013-06-11 07:43 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-11 07:43 - 2013-06-11 07:43 - 00000000 ____D C:\ProgramData\Apple Computer
2013-06-11 07:43 - 2013-06-11 07:43 - 00000000 ____D C:\Program Files\iPod
2013-06-11 07:42 - 2013-06-11 07:42 - 00000000 ____D C:\Users\Sheri\AppData\Local\Apple
2013-06-11 07:42 - 2013-06-11 07:42 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-06-11 07:42 - 2013-06-11 07:40 - 00000000 ____D C:\ProgramData\Apple
2013-06-11 07:41 - 2013-06-11 07:41 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-06-11 07:41 - 2013-06-11 07:40 - 00000000 ____D C:\Program Files\Bonjour
2013-06-11 07:41 - 2013-06-11 07:40 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-06-11 04:26 - 2012-03-18 08:09 - 00000000 ____D C:\Program Files\Lx_cats
2013-06-10 10:49 - 2012-04-09 04:28 - 00000242 ____A C:\lxct.log
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$1124a725e7eb82f4e97828044d39f9dc
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$1124a725e7eb82f4e97828044d39f9dc
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-688125088-2454436718-3453892321-1000\$1124a725e7eb82f4e97828044d39f9dc
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$1124a725e7eb82f4e97828044d39f9dc
Files to move or delete:
====================
C:\Users\Sheri\icq.exe
C:\Users\Sheri\mssstool64.exe
C:\Users\Sheri\skype.exe
C:\Users\Sheri\windowsupdate.exe
C:\Users\Sheri\winlogon.exe
C:\ProgramData\kcehcuj.pad
==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2013-05-25 13:24:07
Restore point made on: 2013-05-29 04:12:36
Restore point made on: 2013-06-01 15:17:06
Restore point made on: 2013-06-05 13:53:31
Restore point made on: 2013-06-10 04:22:28
Restore point made on: 2013-06-11 07:42:52
Restore point made on: 2013-06-14 04:16:22
Restore point made on: 2013-06-17 04:41:07
Restore point made on: 2013-06-18 11:11:34
Restore point made on: 2013-06-19 11:11:34
Restore point made on: 2013-06-21 04:46:59
Restore point made on: 2013-06-21 04:47:33
Restore point made on: 2013-06-21 04:48:14
Restore point made on: 2013-06-22 13:31:06
==================== Memory info ===========================
Percentage of memory in use: 19%
Total physical RAM: 2662.87 MB
Available physical RAM: 2156.02 MB
Total Pagefile: 2661.07 MB
Available Pagefile: 2140.32 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB
==================== Drives ================================
Drive c: (TI106302W0C) (Fixed) (Total:282.92 GB) (Free:222.44 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.26 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]
Drive f: () (Removable) (Total:3.73 GB) (Free:3.68 GB) FAT32 (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 20C94C86)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=283 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14 GB) - (Type=17)
========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)

LastRegBack: 2013-06-23 09:58
==================== End Of Log ============================
kick-4 is offline  
Old 06-26-2013, 09:16 PM   #2
TSF Security Manager
Emeritus
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



Hello and Welcome.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.


---------------------------------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.

---------------------------------------------------------------------------------------------

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy all the text between the dashed lines below, but do not include the dashed lines. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flashdrive as fixlist.txt.


===========================

HKU\Sheri\...\Run: [Conexant] rundll32 "C:\Users\Sheri\AppData\Local\Chromium\Conexant\idbepoam.dll",DllRegisterServer [1812480 2013-06-19] () <===== ATTENTION
HKU\Sheri\...\Run: [Lexmark X5400 Series] Regsvr32.exe "C:\Users\Sheri\AppData\Local\Lexmark X5400 Series\erhxhcjy.dll" [728576 2013-06-19] (NVIDIA Corporation)
HKU\Sheri\...\Run: [Internet Security] C:\Users\Sheri\AppData\Roaming\tdefender.exe [844288 2013-06-23] (Ask.com)
HKU\Sheri\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Sheri\AppData\Local\Temp\grneewjtyxxsqehso.exe [52736 2013-06-24] (NVIDIA Corporation)
HKU\Sheri\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKU\Sheri\...\Command Processor: "C:\Users\Sheri\AppData\Local\Temp\grneewjtyxxsqehso.exe" <===== ATTENTION!
2013-06-24 07:39 - 2013-06-24 07:39 - 02019358 ____A C:\Users\Sheri\AppData\Roaming\2433f433
2013-06-24 07:39 - 2013-06-24 07:39 - 02019357 ____A C:\ProgramData\2433f433
2013-06-24 07:39 - 2013-06-24 07:39 - 02019347 ____A C:\Users\Sheri\AppData\Local\2433f433
2013-06-23 09:33 - 2013-06-23 09:33 - 00844288 ____A (Ask.com) C:\Users\Sheri\AppData\Roaming\tdefender.exe
2013-06-23 09:33 - 2013-06-23 09:33 - 00844288 ____A (Ask.com) C:\Users\Sheri\AppData\Roaming\5A11.tmp
2013-06-23 09:33 - 2013-06-23 09:33 - 00147968 ____A (MRI Software Lab.) C:\Users\Sheri\winlogon.exe
2013-06-23 09:33 - 2013-06-23 09:33 - 00147968 ____A (MRI Software Lab.) C:\Users\Sheri\windowsupdate.exe
2013-06-23 09:33 - 2013-06-23 09:33 - 00000799 ____A C:\Users\Sheri\Desktop\Internet Security Pro.lnk


===========================

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Now please enter System Recovery Options again on the affected computer.

Run FRST and press the Fix button just once and wait for the "Fix completed" message.
Click OK.
Close FRST.
Type exit at the command prompt.
Click Restart.
The tool will make a log on the flashdrive (Fixlog.txt). Please post it in your reply.

If all goes well, the computer should boot normally.

We will proceed from there.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

Microsoft MVP Consumer Security 2009 - 2015
tetonbob is offline  
Old 06-28-2013, 04:04 AM   #3
Registered Member
 
Join Date: Jun 2013
Posts: 15
OS: windows 7



Worked perfectly. Is there anything else I need to do? I found out my Windows firewall is not working; it seems that the service has stopped and I can't get it restarted.
kick-4 is offline  
Old 06-28-2013, 06:34 AM   #4
TSF Security Manager
Emeritus
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



Yes, we have more work to do. We only addressed one infection, to get you back into the system.

Please provide the fixlog.txt.

Next...
Download DDS and save it to your desktop from here:
https://download.bleepingcomputer.com/sUBs/dds.scr

Double click dds.scr to run the tool.
• When done, DDS will save two (2) logs to your desktop.
1. DDS.txt
2. Attach.txt
• Attach both in reply.
You can ignore the note about zipping the Attach.txt file and just attach it to your reply.

===============

Next... Please download Malwarebytes Anti-Rootkit from here: Malwarebytes : Malwarebytes Anti-Rootkit and save it to your desktop.

• Be sure to print out and follow the instructions provided on that same page.

• Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.

Double click the mbar.zip file to open it, then 'Extract all files'.
Double click the mbar folder to open it, then double click mbar.exe to start the tool.

Check for Updates, then Scan your system for malware.

• If malware is found, do NOT press the Cleanup button when the scan completes. Click EXIT.
Then, please send the following logs as attachments to your reply. These logs are located in the Malwarebytes Anti-Rootkit folder.

mbar-log-2013-xx-xx(xx-xx-xx).txt (where xx-xx(xx-xx-xx) is the date and time of the scan)
system-log.txt
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

Microsoft MVP Consumer Security 2009 - 2015
tetonbob is offline  
Old 06-28-2013, 06:46 PM   #5
Registered Member
 
Join Date: Jun 2013
Posts: 15
OS: windows 7



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/15/2012 6:42:38 PM
System Uptime: 6/27/2013 9:51:51 PM (21 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: AMD E-300 APU with Radeon(tm) HD Graphics | Socket FT1 | 1300/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 283 GiB total, 224.267 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP200: 6/1/2013 6:16:43 PM - Windows Update
RP201: 6/5/2013 4:53:11 PM - Windows Update
RP202: 6/10/2013 7:22:05 AM - Windows Update
RP203: 6/11/2013 10:42:28 AM - Installed iTunes
RP204: 6/14/2013 7:15:56 AM - Windows Update
RP205: 6/17/2013 7:40:39 AM - Windows Update
RP206: 6/18/2013 2:11:14 PM - Windows Update
RP207: 6/19/2013 2:11:13 PM - Windows Update
RP208: 6/21/2013 7:46:33 AM - C
RP209: 6/21/2013 7:47:16 AM - C
RP210: 6/21/2013 7:48:01 AM - C
RP211: 6/22/2013 4:30:36 PM - Windows Update
RP212: 6/27/2013 7:10:28 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.03)
Amazon Links
AMD Media Foundation Decoders
AMD VISION Engine Control Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Applet
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
ATI Catalyst Install Manager
Bejeweled 3
Bonjour
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Conexant HD Audio
Cosmopolitan Virtual Makeover 3
D3DX10
ETDWare PS/2-X64 8.0.8.0_R01
FATE - The Traitor Soul
FaxRedist
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
iTunes
Java Auto Updater
Java(TM) 6 Update 25
Junk Mail filter update
[email protected] 1.0
Letters from Nowhere 2
Lexmark 5400 Series
Lexmark Toolbar
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft IntelliPoint 8.2
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 x64 ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Neat
Neat ADF Scanner 2008 Driver
Neat ADF Scanner Driver
Neat Core Files
Neat Mobile Scanner (Silver) Driver
Neat Mobile Scanner 2008 Driver
Neat Mobile Scanner Driver
Penguins!
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
Polar Bowler
QuickBooks
QuickBooks Pro 2010
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
RollerCoaster Tycoon 3: Platinum
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Send To Neat
Skype Launcher
Spybot - Search & Destroy
Tales of Lagoona
Toshiba App Place
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA Disc Creator
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Laptop Checkup
TOSHIBA Media Controller
Toshiba Online Backup
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
TOSHIBARegistration
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update Installer for WildTangent Games App
WildTangent Games
WildTangent Games App (Toshiba Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
6/27/2013 9:52:42 PM, Error: Service Control Manager [7003] - The Microsoft Network Inspection System service depends the following service: BFE. This service might not be installed.
6/27/2013 9:52:42 PM, Error: Service Control Manager [7001] - The Microsoft Network Inspection service depends on the Microsoft Network Inspection System service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.
6/27/2013 9:52:42 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
6/27/2013 9:52:33 PM, Error: Service Control Manager [7003] - The Spybot-S&D 2 Security Center Service service depends the following service: wscsvc. This service might not be installed.
6/27/2013 9:52:30 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
6/27/2013 9:52:21 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
6/27/2013 9:52:17 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
6/27/2013 7:12:39 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.153.772.0).
6/27/2013 7:12:15 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.153.772.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: Microsoft Home Page | Devices and Services Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9607.0 Error code: 0x80070643 Error description: Fatal error during installation.
6/27/2013 7:12:07 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
6/27/2013 7:12:07 PM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: 2.1.8904.0 Engine Type: Network Inspection System User: NT AUTHORITY\SYSTEM Error Code: 0x8007042c Error description: The dependency service or group failed to start.
6/27/2013 7:12:07 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 18.160.0.0 Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 2.1.8904.0 Error code: 0x8007042c Error description: The dependency service or group failed to start.
6/27/2013 7:07:46 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
6/27/2013 7:07:31 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
6/26/2013 9:16:11 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
6/26/2013 9:13:46 AM, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
6/26/2013 9:13:18 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter spldr Wanarpv6
6/26/2013 9:13:18 AM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
6/26/2013 9:13:17 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
6/26/2013 8:46:27 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
6/26/2013 8:21:49 AM, Error: Service Control Manager [7038] - The MsMpSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
6/26/2013 8:21:49 AM, Error: Service Control Manager [7000] - The Microsoft Antimalware Service service failed to start due to the following error: The service did not start due to a logon failure.
6/26/2013 8:21:16 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
6/26/2013 8:21:16 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/26/2013 8:21:16 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
6/26/2013 8:21:16 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
6/26/2013 8:21:16 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
6/26/2013 8:21:16 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
6/26/2013 8:21:16 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
6/26/2013 8:21:16 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/26/2013 8:21:16 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/26/2013 8:21:16 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
6/26/2013 8:19:59 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
6/25/2013 9:39:56 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
6/25/2013 10:18:41 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
6/25/2013 10:14:36 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
6/25/2013 10:08:37 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
6/25/2013 1:34:09 AM, Error: Service Control Manager [7034] - The Google Update Service (gupdate) service terminated unexpectedly. It has done this 1 time(s).
6/24/2013 7:36:01 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.153.470.0).
6/24/2013 7:35:31 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.153.470.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: Microsoft Home Page | Devices and Services Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9607.0 Error code: 0x80070643 Error description: Fatal error during installation.
6/24/2013 7:35:28 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
6/24/2013 7:35:28 AM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: 2.1.8904.0 Engine Type: Network Inspection System User: NT AUTHORITY\SYSTEM Error Code: 0x8007042c Error description: The dependency service or group failed to start.
6/24/2013 7:35:28 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 18.160.0.0 Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 2.1.8904.0 Error code: 0x8007042c Error description: The dependency service or group failed to start.
6/24/2013 7:20:00 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
6/24/2013 7:10:13 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
6/24/2013 7:01:30 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
6/24/2013 10:56:05 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
6/24/2013 10:49:47 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
6/23/2013 11:57:11 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
6/23/2013 11:57:11 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
6/23/2013 11:55:59 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
6/22/2013 7:11:43 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
6/22/2013 7:11:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
6/22/2013 7:11:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
6/22/2013 7:11:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/22/2013 7:11:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
6/22/2013 7:07:47 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.153.418.0).
6/22/2013 7:07:19 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.153.418.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: Microsoft Home Page | Devices and Services Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9607.0 Error code: 0x80070643 Error description: Fatal error during installation.
6/22/2013 7:07:16 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
6/22/2013 7:07:16 PM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: 2.1.8904.0 Engine Type: Network Inspection System User: NT AUTHORITY\SYSTEM Error Code: 0x8007042c Error description: The dependency service or group failed to start.
6/22/2013 7:07:16 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 18.160.0.0 Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 2.1.8904.0 Error code: 0x8007042c Error description: The dependency service or group failed to start.
6/22/2013 4:33:29 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.153.416.0).
6/22/2013 4:32:52 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.153.416.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: Microsoft Home Page | Devices and Services Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9607.0 Error code: 0x80070643 Error description: Fatal error during installation.
6/22/2013 4:32:46 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
6/22/2013 4:32:45 PM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: 2.1.8904.0 Engine Type: Network Inspection System User: NT AUTHORITY\SYSTEM Error Code: 0x8007042c Error description: The dependency service or group failed to start.
6/22/2013 4:32:45 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 18.160.0.0 Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 2.1.8904.0 Error code: 0x8007042c Error description: The dependency service or group failed to start.
6/22/2013 4:21:10 PM, Error: Service Control Manager [7023] - The iPod Service service terminated with the following error: %%-2147417831
6/22/2013 4:20:35 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
6/22/2013 10:17:24 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.153.418.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9607.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
6/22/2013 10:17:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
6/21/2013 11:11:17 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
.
==== End Of File ===========================
And then the mbar txt:
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 10.0.9200.16618
Java version: 1.6.0_25
File system is: FAT32
Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 1.296000 GHz
Memory total: 2792218624, free: 1351319552
Initializing...
------------ Kernel report ------------
06/28/2013 19:04:41
------------ Loaded modules -----------
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR2
Upper Device Object: 0xfffffa8008fcc060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000078\
Lower Device Object: 0xfffffa8009a69620
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8002fe8060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000061\
Lower Device Object: 0xfffffa80029c12b0
Lower Device Driver Name: \Driver\amd_sata\
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8002fe8060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8002fe7500, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8002fe8060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8002ebb040, DeviceName: Unknown, DriverName: \Driver\amd_xata\
DevicePointer: 0xfffffa80029c12b0, DeviceName: \Device\00000061\, DriverName: \Driver\amd_sata\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 20C94C86
Partition information:
Partition 0 type is Other (0x27)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 3072000
Partition file system is NTFS
Partition is bootable
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 3074048 Numsec = 593326080
Partition 2 type is HIDDEN (0x17)
Partition is NOT ACTIVE.
Partition starts at LBA: 596400128 Numsec = 28741632
Partition is not bootable
Hidden partition VBR is not infected.
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 320072933376 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8008fcc060, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80077f8300, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008fcc060, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8009a69620, DeviceName: \Device\00000078\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 0
Partition information:
Partition 0 type is Other (0xb)
Partition is NOT ACTIVE.
Partition starts at LBA: 32 Numsec = 7821280
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 4004511744 bytes
Sector size: 512 bytes
Done!
Infected: HKCU\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} --> [Hijack.Trojan.Siredef.C]
Infected: c:\$Recycle.Bin\S-1-5-18\$1124a725e7eb82f4e97828044d39f9dc\U --> [Trojan.Siredef.C]
Infected: c:\$Recycle.Bin\S-1-5-21-688125088-2454436718-3453892321-1000\$1124a725e7eb82f4e97828044d39f9dc\U --> [Trojan.Siredef.C]
Infected: c:\$Recycle.Bin\S-1-5-18\$1124a725e7eb82f4e97828044d39f9dc\L --> [Trojan.Siredef.C]
Infected: c:\$Recycle.Bin\S-1-5-21-688125088-2454436718-3453892321-1000\$1124a725e7eb82f4e97828044d39f9dc\L --> [Trojan.Siredef.C]
Infected: c:\$Recycle.Bin\S-1-5-18\$1124a725e7eb82f4e97828044d39f9dc --> [Trojan.Siredef.C]
Infected: c:\$Recycle.Bin\S-1-5-21-688125088-2454436718-3453892321-1000\$1124a725e7eb82f4e97828044d39f9dc --> [Trojan.Siredef.C]
Scan finished
kick-4 is offline  
Old 06-28-2013, 07:52 PM   #6
TSF Security Manager
Emeritus
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



Please be sure to send the DDS.txt log also.

Rescan with Malwarebytes Anti-Rootkit. This time click on the Cleanup button and reboot at the prompt when it's presented.

Once back in Windows, please send both these logs as ***attachments***.

The new mbar-log-2013-xx-xx(xx-xx-xx).txt (where xx-xx(xx-xx-xx) is the date and time of the scan)

The system-log.txt

And do not forget the DDS.txt log.

Thank you.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

Microsoft MVP Consumer Security 2009 - 2015
tetonbob is offline  
Old 06-28-2013, 08:16 PM   #7
Registered Member
 

I did send it. The one you're asking for was first, and mbar was 2/3 down, same post.
kick-4 is offline  
Old 06-28-2013, 08:21 PM   #8
TSF Security Manager
Emeritus
 

Please read my instructions again.

I have yet to receive a DDS.txt

What I did receive was the attach.txt log pasted into the reply, when I asked for it to be attached.

What I did receive was the system-log.txt log, pasted into the reply, when I asked for it to be attached.

What I did not receive was the dds.txt file created by the DDS tool.

When you run MBAR again and allow it to clean what it finds, a new scan log will be created, and system-log.txt will be appended. I want both those new logs.

I also still want a dds.txt log.

I am trying to help you but to do so I need the logs I request in the manner in which I request them.

Thank you.
tetonbob is offline  
Old 06-28-2013, 08:40 PM   #9
Registered Member
 

I misread it. I didn't see attached.
Attached Files
File Type: txt dds.txt (30.1 KB, 67 views)
File Type: txt system-log.txt (23.9 KB, 49 views)
kick-4 is offline  
Old 06-28-2013, 08:47 PM   #10
TSF Security Manager
Emeritus
 

OK, we're getting closer but still seem to be miscommunicating.

Thank you for the DDS.txt log but that looks like an attach.txt log which was renamed. Let's forget that for now.

That system-log.txt file seems like the original. I need you to run MBAR once again, and allow it to cure what it finds by clicking on the Cleanup button. Reboot at the prompt. Once back in Windows, send these new logs.

The new mbar-log-2013-xx-xx(xx-xx-xx).txt (where xx-xx(xx-xx-xx) is the date and time of the scan)

The system-log.txt which will be appended to.

If you do not understand what I'm asking you to do, please stop and ask.
tetonbob is offline  
Old 06-29-2013, 07:26 AM   #11
Registered Member
 

Attached
Attached Files
File Type: txt mbar-log-2013-06-29 (08-17-46).txt (3.6 KB, 47 views)
kick-4 is offline  
Old 06-29-2013, 08:23 AM   #12
TSF Security Manager
Emeritus
 

That looks like it worked, but I seem to be having difficulty getting all the logs I'm requesting. If you are having troubles understanding my instructions, please let me know so I can try to clarify for you.

Let's try this...Run DDS once again. It should create two logs on your desktop, dds.txt and attach.txt

Here are the instructions again

Download DDS and save it to your desktop from here
https://download.bleepingcomputer.com/sUBs/dds.scr

Double click dds.scr to run the tool.
• When done, DDS will save two (2) logs to your desktop.
1. DDS.txt
2. Attach.txt
• Attach both in reply.
You can ignore the note about zipping the Attach.txt file and just attach it to your reply.

I am looking for both dds.txt and attach.txt
tetonbob is offline  
Old 06-30-2013, 05:27 AM   #13
Registered Member
 

Think I got it.
Attached Files
File Type: txt dds.txt (18.8 KB, 51 views)
File Type: txt attach.txt (30.1 KB, 49 views)
kick-4 is offline  
Old 06-30-2013, 08:11 AM   #14
TSF Security Manager
Emeritus
 

Great, that's what I needed to see. Due to some of the entries in the latest logs, I'd like to run one more malware removal tool.
  1. Download ComboFix from here:

    https://download.bleepingcomputer.com/sUBs/ComboFix.exe

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.


    You can get help on disabling your protection programs here
  3. Double click on ComboFix.exe & follow the prompts.

  4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  5. When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
tetonbob is offline  
Old 07-01-2013, 03:58 PM   #15
Registered Member
 

OK, got that done and got a long log list. Did you need it?
kick-4 is offline  
Old 07-01-2013, 05:47 PM   #16
TSF Security Manager
Emeritus
 

Quote:
5. When finished, it shall produce a log for you. Post that log in your next reply
Yes please. If it's too many characters to paste into a reply, attach it.
tetonbob is offline  
Old 07-01-2013, 06:52 PM   #17
Registered Member
 

Attached log file
Attached Files
File Type: txt combo fix log.txt (21.7 KB, 54 views)
kick-4 is offline  
Old 07-01-2013, 06:55 PM   #18
Registered Member
 

It appears that my Windows Firewall works now or the service has started.
kick-4 is offline  
Old 07-01-2013, 07:24 PM   #19
TSF Security Manager
Emeritus
 

Great, things are looking good here.

While we are here...Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Download the latest version of Java Runtime Environment (JRE) and save it to your desktop.
Java Downloads for All Operating Systems

Click on the link to download Windows Offline Installation and save the file to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, Uninstall a program, and remove all older versions of Java.
Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name.
Click the Uninstall button. Repeat as many times as necessary to remove each Java version.

Java(TM) 6 Update 25


Reboot your computer once all Java components are removed. Then from your desktop double-click on jre-7u25-windows-i586.exe to install the newest version.

After the install is complete, go into the Control Panel, type Java in the search area and click the Java Icon. (looks like a coffee cup)
On the General tab, under Temporary Internet Files, click the Settings button.
Next, click on the Delete Files button.

There are three options in the window to clear the cache - Ensure these two are Checked

Trace and Log Files
Cached Applications and Applets


Click OK on Delete Temporary Files Window
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
Click OK to leave the Temporary Files Window. Click OK to leave the Java Control Panel.

=========

Let's run one more scan to look for remnants.

Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator.
  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and also let me know how things are now.
tetonbob is offline  
Old 07-02-2013, 04:10 AM   #20
Registered Member
 

Your last post did not say to clean with ESET, just export log.
Attached Files
File Type: txt eset.txt (994 Bytes, 76 views)
kick-4 is offline  
 
